Many vulnerabilities go unresolved because compliance does not require fixing the issues at any point during the development process. However, the cost of fixing software defects after release can be up to 100x the cost of fixing the same issues at the beginning of the software development life cycle.
The Real Cost of Waiting to Secure Your Applications
© 2013 WhiteHat Security, Inc.
BIO
Jeremiah Grossman
Founder & CTO of WhiteHat Security
Practicing Web security since 2000
International speaker (6 continents)
InfoWorld Top 25 CTO
Co-founder of the WASC
Co-author: XSS Attacks
Former Yahoo! information security officer
Brazilian Jiu-Jitsu Black Belt
BIO
Ryan Berg
Chief Security Officer at Sonatype
Co-founder and chief scientist for Ounce Labs
Patent holder, author, teacher
Co-founded Qiave Technologies
Measuring the Cost (survey summaries)
Distribution of Responsibility (source: Sonatype)
Product Code Deployment (source: Sonatype)
MOST COMMON VULNS
Top 15 Vulnerability Classes (2012): percentage likelihood that at least one serious* vulnerability will appear in a website
OVERALL
Overall Vulnerability Population (2012): percentage breakdown of all the serious* vulnerabilities discovered (sorted by vulnerability class)
Addressing Vulnerabilities (source: Sonatype)
Cost of Fixing Software Defects (source: Atom Consulting)
Drivers to Resolve Vulnerabilities
Why Vulnerabilities Go Unresolved
Can there be a balance?